
Support for safety so that no access permissions can be leaked to unauthorized individuals, which can be implemented through access control configurations and models

Support for proper mapping of subject, operation, object, and attributes

Support for preventing or resolving access control policy conflicts resulting in a deadlock situation due to cyclic referencing

Support for a horizontal scope of access controls (across platforms, applications, and enterprises)

Support for a vertical scope of access controls (between operating systems, database management systems, networks, and applications)

Access authority

An entity responsible for monitoring and granting access privileges for other authorized entities.

Access category

One of the classes to which a user, a program, or a process may be assigned on the basis of the resources or groups of resources that each user, program, or process is authorized to use.

Access control

(1) What permits or restricts access to applications at a granular level, such as per-user, per-group, and per-resources. (2) The process of granting or denying specific requests for obtaining and using information and related information processing services and to enter specific physical facilities (e.g., buildings). (3) Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a controlled space. (4) Enables authorized use of a computer resource while preventing unauthorized use or use in an unauthorized manner. (5) Access controls determine what the users can do in a computer system. (6) Access controls are designed to protect computer resources from unauthorized modification, loss, or disclosure. (7) Access controls include both physical access controls, which limit access to facilities and associated hardware, and logical access controls, which prevent or detect unauthorized access to sensitive data and programs stored or transmitted electronically.

Access control list (ACL)

A register of (1) users (including groups, machines, programs, and processes) who have been given permission to use a particular system resource and (2) the types of access they have been permitted. This is a preventive and technical control.

Access control matrix

A table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.

Access control measures and mechanisms

Hardware and software features (technical controls), physical controls, operational controls, management controls, and various combinations of these designed to detect or prevent unauthorized access to an IT system and to enforce access control. This is a preventive, detective, and technical control.

Access control policy

The set of rules that define the conditions under which an access may take place.

Access control software

(1) Vendor-supplied system software, external to the operating system, used to specify who has access to a system, who has access to specific resources, and what capabilities are granted to authorized users. (2) Access control software can generally be implemented in different modes that provide varying degrees of protection, such as (i) denying access for which the user is not expressly authorized, (ii) allowing access which is not expressly authorized but providing a warning, or (iii) allowing access to all resources without warning regardless of authority.

Access control triple

A type of access control specification in which a user, program, and data items (a triple) are listed for each allowed operation.

Access deterrence

A design principle for security mechanisms based on a user’s fear of detection of violations of security policies rather than absolute prevention of violations.

Access level

The hierarchical portion of the security level used to identify data sensitivity and user clearance or authorization. Note: The access level and the non-hierarchical categories form the sensitivity label of an object.

Access list

Synonymous with access control list (ACL).

Access logs

Access logs will capture records of computer events about an operating system, an application system, or user activities. Access logs feed into audit trails.

Access matrix

A two-dimensional array consisting of objects and subjects, where the intersections represent permitted access types.

Access method

The technique used for selecting records in a file for processing, retrieval, or storage.

Access mode

A distinct operation recognized by protection mechanisms as a possible operation on an object. Read, write, and append are possible modes of access to a file, whereas “execute” is an additional mode of access to a program.

Access password

A password used to authorize access to data and distributed to all those who are authorized similar access to those data. This is a preventive and technical control.

Access path

The sequence of hardware and software components significant to access control. Any component capable of enforcing access restrictions, or any component that could be used to bypass an access restriction should be considered part of the access path. The access path can also be defined as the path through which user requests travel, including the telecommunications software, transaction processing software, and applications software.

Access period

A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.

Access port

A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams.

Access priorities

Deciding who gets what priority in accessing a system. Access priorities are based on employee job functions and levels rather than data ownership.

Access privileges

Precise statements defining the extent to which an individual can access computer systems and use or modify programs and data on the system. Statements also define under what circumstances this access is allowed.

Access profiles

There are at least two types of access profiles: user profile and standard profile. (1) A user profile is a set of rules describing the nature and extent of access to each resource that is available to each user. (2) A standard profile is a set of rules describing the nature and extent of access to each resource that is available to a group of users with similar job duties, such as accounts payable clerks.

Access rules

Clear action statements describing expected user behavior in a computer system. Access rules reflect security policies and practices, business rules, information ethics, system functions and features, and individual roles and responsibilities, which collectively form access restrictions. Access rules are often described as user security profiles (access profiles). Access control software implements access rules.

Access time minimization

A risk-reducing principle that attempts to avoid prolonging access time to specific data or to the system beyond what is needed to carry out requisite functionality.

Access type

The nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).

Accessibility

The ability to obtain the use of a computer system or a resource or the ability and means necessary to store data, retrieve data, or communicate with a system.